SAN FRANCISCO -- In his keynote address at the RSA Conference here, Microsoft's chief research and strategy officer Craig Mundie sought to rally the high-tech industry and its customers to an idea Microsoft is calling "End to End Trust," a system for the Internet where identity claims can be validated according to sound security principles.

“We believe that End to End Trust will transform how the industry thinks about and approaches online trust and security,” Mundie said. Microsoft wants broad feedback not just from high-tech, but from government, businesses and people everywhere to make its vision a reality. As to what the idea of End to End Trust vision might entail, Microsoft published a 20-page white paper to explain it, stating “the path forward” includes having a “trusted stack” comprising trusted devices, trusted operating system, trusted applications, trusted people and trusted data plus an audit trail.

“We want to formalize a dialog with a lot more people,” Mundie said. “We need a collaboration with a lot of people making products in this area.”

Microsoft says challenges to achieving this End to End Trust goal will be political, legal and social, not just technical, since online identity touches on notions about privacy and business activity.

One of the few concrete examples that Mundie provided was the idea of a digital certificate that proved someone was at least 18 years ago.

Where exactly Microsoft will go with End to End Trust and the Trusted Stack isn’t readily apparent. Doug Leland, general manager of the identity and access division at Microsoft, said Mundie “laid out a vision for how we’re taking the Trustworthy Computing Initiative,” begun half a dozen years ago. In those years, Microsoft re-tooled its products as it sought better security. Microsoft sees End to End Trust as the next step toward an identity system for the Web. He did say the future ideal of the “trusted stack” would include Windows Server 2008.

However, many seem skeptical about Microsoft’s vision.

“Microsoft will conquer End to End Trust after they’ve conquered the online computing games,” scoffed independent security analyst  and Network World blogger Richard Stiennon, attending the RSA Conference here.

The Liberty Alliance is the organization dedicated to building federated identity across government and private enterprises based on de facto standards such as the Security Assertion Markup Language (SAML), digital certificates, and agreed-upon business guidelines. After a presentation at the RSA Conference about the group’s most recent activities, some panelists expressed views about Mundie's keynote.

Whitepapers

• The Trend from UNIX to Linux in SAP(r) Data Centers
• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology

View more SECURITY whitepapers

Webcasts

• The Secure Web Gateway. Mission Critical For Business - Webcast
• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports